A policy is a set of privileges bundled for a specific user role. Well-designed policies make user privileges easier to manage.
Policy has the following features:
- Please refer to chapter Basic Concepts for the naming conventions of policy;
- A policy comprises multiple privileges and sub policies.
Show Policy
Returned table name: _policy
Returned table header: name | graphPrivileges | systemPrivileges | policies (the name, graph privileges, system privileges and sub policies of the policy)
Syntax:
// To show all policies in the current Ultipa instance
show().policy()
// To show a certain policy in the current Ultipa instance
show().policy("<name>")
Create Policy
Syntax:
// To create a policy in the current Ultipa instance
create().policy("<name>", <{}graph_privileges?>, <[]system_privileges?>, <[]policies?>)
where the format of <{}graph_privileges> is:
{
  "<graphSet1>":["<graph_privilege>", "<graph_privilege>", ...],
  "<graphSet2>":["<graph_privilege>", "<graph_privilege>", ...],
  ...
}
Note: When using asterisk * to replace the GraphSet name <graphSet>, it represents all GraphSets in the current Ultipa instance.
Example: Create a policy named "sales" that has the privilege UPDATE against GraphSets "default" and "client", and the system privilege STAT
create().policy(
  "sales",
  {"default": ["UPDATE"], "client":["UPDATE"]},
  ["STAT"]
)
Example: Create a policy named "manager" that has UPDATE against all GraphSets and includes the policy "sales"
create().policy(
  "manager",
  {"*": ["UPDATE"]},
  [],
  ["sales"]
)
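Because a policy can nest sub policies and use the * wildcard, the privileges a role actually holds are not visible from a single row of _policy. The Python sketch below is an added example, not Ultipa code: it flattens constructed rows that mirror the two create() examples above, under the assumption that effective privileges are the union of a policy's own privileges and those of its sub policies. The function names effective and wildcard_grants are hypothetical.

```python
# Added example: flatten policies into effective privileges for review.
# Assumption: effective privileges = own privileges + all sub policies'.

# Constructed rows shaped like the _policy table (name, graphPrivileges,
# systemPrivileges, policies), mirroring the two create() examples above.
POLICIES = {
    "sales": {
        "graphPrivileges": {"default": ["UPDATE"], "client": ["UPDATE"]},
        "systemPrivileges": ["STAT"],
        "policies": [],
    },
    "manager": {
        "graphPrivileges": {"*": ["UPDATE"]},
        "systemPrivileges": [],
        "policies": ["sales"],
    },
}


def effective(name, policies, _stack=()):
    """Return (graph_privs, system_privs) for name, sub policies included."""
    # Raises ValueError on a cycle, KeyError on an unknown sub policy.
    if name in _stack:
        raise ValueError("policy cycle: " + " -> ".join(_stack + (name,)))
    row = policies[name]
    graph = {g: set(p) for g, p in row["graphPrivileges"].items()}
    system = set(row["systemPrivileges"])
    for sub in row["policies"]:
        sub_graph, sub_system = effective(sub, policies, _stack + (name,))
        for g, privs in sub_graph.items():
            graph.setdefault(g, set()).update(privs)
        system |= sub_system
    return graph, system


def wildcard_grants(policies):
    """List (policy, privilege) pairs that apply to all GraphSets via "*"."""
    found = []
    for name in sorted(policies):
        graph, _ = effective(name, policies)
        found.extend((name, p) for p in sorted(graph.get("*", ())))
    return found


if __name__ == "__main__":
    for name in sorted(POLICIES):
        print(name, effective(name, POLICIES))
    print("wildcard grants:", wildcard_grants(POLICIES))
```
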
Alter Policy
Syntax:
// To modify a certain policy in the current Ultipa instance
alter().policy("<name>")
  .set({graph_privileges:<{}new?>, system_privileges:<[]new?>, policies:<[]new?>})
Example: Modify policy "sales" so that it only has UPDATE against GraphSet "default"
alter().policy("sales")
  .set({graph_privileges: {"default": ["UPDATE"]}})
Example: Modify policy "manager" so that it has UPDATE and DELETE against all GraphSets, and the sub policy "sales"
alter().policy("manager").set({
  graph_privileges: {"*": ["UPDATE", "DELETE"]},
  policies: ["sales"]
})
Drop Policy
Syntax:
// To delete a certain policy from the current Ultipa instance
drop().policy("<name>")